Overview
Severity: HIGH | Affected: OpenAI, Google, Anthropic | Category: research
Researchers from Carnegie Mellon University have published a paper detailing a novel jailbreak technique named 'Contextual Triggering.' The attack involves embedding subtle, seemingly benign trigger phrases across a multi-turn conversation. When an LLM processes a sequence of these triggers, it enters a 'permissive state,' effectively disabling its safety filters for subsequent harmful requests. The paper demonstrates a greater than 80% success rate against leading models from OpenAI, Anthropic, and Google in red-teaming exercises. Unlike traditional prompt injection, this method is difficult for current static filters to detect as individual prompts appear harmless. The research places significant pressure on AI developers to implement more dynamic, context-aware safety mechanisms that can monitor the evolution of a conversation's state, rather than just analyzing single prompts in isolation.